On the night of November 30, the verified Twitter handle of Congress vice-president Rahul Gandhi, @officeofRG, was hacked and some abusive comments were posted. This went on for some time before it was ‘restored’ to Gandhi.

While Congress spokespersons lost no time to blame the opposition for the episode even before a police case was filed, little did they know that the next day the Congress’ Twitter handle @INCIndia, its website and email system would be the next target of hackers.

Incidentally, while Gandhi’s Twitter account has 1.22 million followers, the Congress account has 1.38 million. This clearly shows the impact on the digital community who follow Twitter for first-hand news.

While the attacks are clearly hacking — in cyber parlance, ‘unauthorised access’ — the source of the attacks could be from various points that could be both from domestic and international internet protocol (IP) addresses. The motives for such attacks could range from internal sabotage to the thrill of techies or attempts from political adversaries.

Hence the need for proper investigation to find the actual identity of the perpetrators with certainty. Instead of making political noise, it would be prudent for the Congress to check its own ecosystem that handles the two prominent Twitter handles, as well as its overall digital infrastructure involving websites, emails and WhatsApp groups. This way, future lapses or sabotage can be identified and addressed.

Linking this issue to the security of the present infrastructure to facilitate digital payments and ring in amore cashless economy is diversionary. Such blame games will lead to nowhere as it would be hard to convince anybody that such attacks have anything to do with the government or the ruling dispensation.

For the government and the law enforcement system, it is essential to investigate the incidents thoroughly and also push Twitter leadership to provide information on the IP addresses and other qualifiers from where those intrusions happened.

The procedures are clearly laid out for addressing such breaches, and should be carried out by the department of telecom (DoT) under the current licensing conditions for service providers. Likewise, the department of electronics and IT should push the ‘intermediary’ within its jurisdiction.

Hacking is a very common form of cyber attack that happens in various forms. The larger issue is if there are procedures laid down to address them and if there is the capacity to investigate them when such attacks are reported. In the current case, the accounts were with Twitter, which in the context of the Information Technology Act (IT Act), 2008, is an ‘intermediary’ defined under Section 79 of the Act.

Twitter maintains a reasonable level of security infrastructure to protect its millions of users. But it also keeps dynamic levels of security measures in place so that untoward attempts of intrusion and intrusions are detected. Likewise, the account user is encouraged to maintain reasonably ‘strong’ passwords so that they cannot be broken into. Twitter, on its part, also allows for a ‘two-factor’ authentication.

As only Gandhi’s and the Congress’ accounts were known to be hacked — and there wasn’t a fulltime breach of databases of Twitter —these are cases of either internal sabotage or external hacking. Today, Indian agencies have the capability to investigate such cases and the legal edifice is also there in the provisions of Section 66(C) and 66(D) of the IT Act — which deals with imprisonment up to three years and a fine that may extend to up to Rs 1 lakh.

Even people involved with the management of the Twitter accounts should be investigated for their practices to secure those passwords if no external linkages are found to be implicated.

However, many cyber attacks often spoof the source of the actual attackers. Until the preliminary investigation results are known, the episode will simply serve to cast aspersions on others.

It is also pertinent to note here that celebrity account hacking is also a phenomenon. In June, Twitter accounts of the late Beatle George Harrison and Rolling Stones guitarist Keith Richards were attacked. There are also websites that provide databases of stolen accounts and their passwords. Even Facebook founder Mark Zuckerberg was once not spared.

Now that Delhi Police has started the investigation, it will be prudent to wait for the outcome. However, it is worthwhile for all users to be more careful about their access controls and growing digital presence in the form of Twitter, Facebook and email addresses.

Also, law enforcement and judicial systems have to be more oriented and trained to keep pace with hacking trends and investigation capabilities. Clearly, these incidents raise concern around cyber security whatever be the affiliation of the perpetrators.

Note: The writer is a defence and cyber security analyst. Views expressed above are the author's own.

Sponsored Stories

Subscribe to our Newsletters

In an interview with ETCIO, Kedar Upadhye, Jt President & Global CFO, Cipla, throws light on some innovative IT projects that Cipla has implemented,as part of its digital transformation strategy, to fuel business growth.

Sudhanshu Pokhriyal, President of Textiles at Raymond, firmly believes that digital transformation is a top-down approach. Taking the lead on the initiative, he has devised an innovative digital strategy that enhances customer experience while helping retailers in their business.